Absolute AppSec

Ken Johnson and Seth Law
Latest episode

Available episodes

Showing 5 of 284 results
  • Episode 284 - BSidesSF/RSA Recap, Vibe Coding, WebAuthN
    Back after a hiatus for both BSidesSF and RSA, Seth and Ken recap their experience at both conferences. TL;DR - BSidesSF is great for technical security content and community, while RSA focuses on sales, mostly to large organizations with large budgets. They are two sides of the security industry coin, and which one makes the most sense for career or business growth depends on your preferences. This is followed by a short discussion on vibe coding educational security tools. The episode wraps up with an article on MFA phishing and how WebAuthN helps prevent accidental exposure.
    --------  
  • Episode 283 - Intentionally-Vulnerable MCP Server, Hallucinating Software Packages
    Ok, so vulnerable MCP tools are a thing now? Ken demonstrates installing and running an intentionally vulnerable MCP server with a bunch of example issues. This is followed by a discussion of the recent article and research on hallucinated third-party dependencies/libraries in AI-generated Python and JavaScript: new attack targets, all dependent on how creative the LLM is allowed to be. A short aside on why we talk about AI and LLMs so much.
    --------  
  • Episode 282 - Model Context Protocol, A2A, NHI Authentication
    It is time to talk about Model Context Protocol (MCP), Google's Agent 2 Agent specification, and get back to the crocs and socks of authentication for Non-Human Identities (NHIs). MCP servers have exploded over the last few weeks and provide a standard mechanism for LLMs to interact with pretty much _anything_. Seth and Ken talk about the risks, exposures, and where things could go from here.
    --------  
  • Episode 281 - Signing Models, Vibe Coding, GitHub Action Abuse
    The duo are back for a discussion on securing machine learning models using Sigstore, based on a recent blog post from Google Security. This is followed by some spicy takes on vibe coding and its effects on application and product security. Finally, how short-lived tokens were used to exploit RCE against the GitHub CodeQL Action.
    --------  
  • Episode 280 - Middleware Vulnerabilities, Identifying Enumeration with LLMs
    Seth and Ken are back with an episode dedicated to a review of the recent Next.js middleware vulnerability and how it impacts application security, both specifically and in general. Over-dependence on third-party software, combined with agile development, can lead to devastating results when security flaws are identified. Also a follow-up and demo of using LLMs to analyze HTTP sessions for user enumeration flaws, as a sneak peek at an upcoming talk by Seth for BSidesSLC.
    --------  


About Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

v7.17.1 | © 2007-2025 radio.de GmbH
Generated: 5/9/2025 - 6:59:04 PM